Bonsoir à tous,
Je viens de découvrir quelques problèmes sur mon ordinateur.
Utilisant Mozilla Firefox, j'ai ete très etonné de voir IE s'afficher sur une page inconnue (about:blank) au lancement de ma machine... Les aides concernant la résolution de ce problème semblant varier, je joins ici mon log de hi jack.
Ensuite, j'ai parfois un message dans un pop up dans une fenetre ressemblant aux messages système de indows en un peu plus "java"... :
Windows Security Center Warning :
Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords. Do you want to learn how to protect your computer ?
Oui Non
Ce genre de message, ca me parait bien suspect aussi.... Vu que j'utilise normalement Norton... Mais peut être que pour une fois, windows fonctionne comme il le doit, et que son AV a détecté quelque chose...
De même, j'ai parfois une tache qui s'affiche, et qui me dit a peu près la même chose... Ne sachant pas trop ce que c'est, j'ai préféré ne pas cliquer dessus, et l'ignorer plutot que de degrader la situation encore plus. (Un petit bouclier rouge en icone, le commentaire étant "your computer may be at risk" si je me rappelle bien.
Logfile of HijackThis v1.99.1
Scan saved at 23:55:22, on 18/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\d3yc.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
E:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
E:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
E:\WINDOWS\System32\sstray.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\PROGRA~1\Wanadoo\CnxMon.exe
E:\PROGRA~1\MESSAG~1\StartMessager.exe
E:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
E:\PROGRA~1\Wanadoo\TaskbarIcon.exe
E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
E:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
E:\Program Files\Wanadoo\EspaceWanadoo.exe
E:\Program Files\Ahead\InCD\InCD.exe
E:\WINDOWS\System32\P2P Networking\P2P Networking.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\crwt.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Wanadoo\ComComp.exe
E:\Program Files\No-IP\DUC20.exe
E:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
E:\Program Files\Wanadoo\Watch.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Windows Media Player\wmplayer.exe
E:\WINDOWS\System32\divxsm.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Utils\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\oxmwo.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\oxmwo.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\system32\oxmwo.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\oxmwo.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\oxmwo.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\system32\oxmwo.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F60F66A7-27AF-E10E-175C-B2B316EDFED5} - E:\WINDOWS\system32\ipua.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar\01.01.1629.0\fr\msntb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WooCnxMon] E:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] E:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] E:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] E:\Program Files\Fichiers communs\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] E:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [P2P Networking] E:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iexplore.exe] E:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [crwt.exe] E:\WINDOWS\system32\crwt.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: No-IP DUC.lnk = E:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] Client.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] owdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9A7BE57-4404-4973-94D9-D44F1E6CF3A3}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - E:\WINDOWS\system32\d3yc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - E:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
Voila pour le scan de hijack. Merci d'avance.